3
Ad-Hoc Network A collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. Lack of infrastructure Distributed peer-to-peer mode of operations Multi-hop Routing Applications Military communication Rescue missions in times of natural disasters

4
Vulnerabilities Vulnerabilities of wireless links Changing topology Absence of infrastructure Nodes may be physically controlled by the attacker

6
Node Misbehavior Ad hoc networks maximize total network throughput by using all available nodes for routing and forwarding. A node may misbehave by agreeing to forward the packet and then failing to do so due to overloaded, selfish, malicious or broken Misbehaving nodes can be a significant problem

7
Contemporary Solutions Forward packets only through nodes that share a prior trust relationship. Require key distribution Trust nodes can still be overloaded, broken or compromised Untrusted nodes may be well behaved Isolate the misbehaving from the network. Would add significant complexity to protocols whose behavior must be very well defined

8
Proposed Approach Install extra facilities in the network to detect and mitigate routing misbehavior. Make only minimal changes to the underlying routing algorithm. Introduce two extensions to the Dynamic Source Routing Protocol (DSR) Watchdog Pathrater

9
Definitions & Assumptions Neighbor A node that is within wireless transmission range of another node Neighborhood All the nodes that are within wireless transmission range of a node Links between the nodes are bi-directional Nodes are in promiscuous mode operation Malicious node does not work in group

10
Dynamic Source Routing (DSR) on-demand Route paths are discovered at the time a source sends a packet to a destination for which the source has no path Route Request Message Route Reply Message Generate when the route request reach the destination Or when an intermediate node which contains in its route cache an unexpired route to the destination Route Error Handle link breaks

14
Watchdog Maintain a buffer of recently sent packets Compare each overheard packet with the packet in the buffer to see if there is a match If a packet remained for longer than timeout, increments a failure tally for the node responsible If the tally exceeds a threshold, the node is determined to be misbehaving and the source will be notified

17
Receiver Collision Node S can only tell this whether node A sends the packet to node B, but it cannot tell if B receives it S AB D

18
Limited Transmission Power Misbehaving node can control its transmission power to circumvent the watchdog S AB D

19
Other disadvantages False Misbehavior When nodes falsely report other nodes as misbehaving Collusion Multiple nodes in collusion can mount a more sophisticated attack Partial Dropping A node can circumvent the watchdog by dropping packets at a lower rate than the threshold

20
Pathrater Each node maintains a rating for every other node it knows about in the network It calculates a path metric by averaging the node ratings in the path The metric gives a comparison of the overall reliability of different paths If there are multiple paths to the same destination, it choose the path with the highest metric

24
Simulation Each metric includes two graphs of simulation results for two separate pause times (0s, 60s) Simulate two different node mobility patterns using 4 different pseudo-random number generator seeds Seeds determine which nodes misbehave Plot the average of the 8 simulations

31
Conclusion Ad hoc networks are vulnerable to nodes that misbehave when routing packets Proposed two possible extensions to DSR to mitigate the effects of routing misbehavior Simulation evaluates that the 2 techniques increases throughput by 17% in network with moderate mobility, while increase ratio of overhead to data transmission from 9% to 17% increases throughput by 27% in network with extreme mobility, while increase ratio of overhead to data transmission from 12% to 24%

32
Comments Work does not mention about how the threshold value is calculated - it is one of the important factor in detecting malicious nodes. If malicious nodes work in a group then it is difficult to identify them Paper does not address other attacks such as Mac attack, False route request and reply messages that bring down throughput in ad-hoc network